British newspaper The Guardian has confirmed that cybercriminals accessed the personal details of U.K. staff members during a ransomware attack last month.
The Guardian confirmed the data breach in an update emailed to staff on Wednesday, which the newspaper reported shortly after. The email, signed by the news outlet’s chief executive Anna Bateson and editor-in-chief Katharine Viner, told employees that the cyberattack involved “unauthorised third-party access to parts of our network,” and was likely triggered by a phishing attempt, but did not elaborate further.
Phishing is a common tactic employed by attackers and has been blamed for recent data breaches at Twilio, DoorDash and Bed Bath & Beyond.
The Guardian warned U.K. staff that attackers had accessed their sensitive personal information. The newspaper has approximately 1,500 employees around the globe — with 90% in the United Kingdom.
A spokesperson for The Guardian told TechCrunch that it confirmed “all U.K. staff are affected” by the breach, and data accessed “may include human resources data collected as part of everyone’s employment at The Guardian.” The spokesperson confirmed that employee names, addresses, national insurance numbers, government identity documents and salary details were compromised, as first reported by The Record.
The company added that it had no reason to believe the personal data of readers and subscribers had been accessed, nor does it believe that hackers accessed the personal data of staff in the U.S. or Australia.
But there remain several unknowns about the cyberattack, such as who was responsible, and if The Guardian paid a ransom demand.
The Guardian first confirmed that it had been hit by a ransomware attack on December 21. At the time, staff were told to work from home until at least January 23 as the organization battled with “behind the scenes” disruption. The newspaper said that while it expects some critical systems to be back up and running “within the next two weeks,” a return to office working by U.K. staff has been postponed until early February.